CVE-2025-40816 | THREATINT

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner siemens

HIGH: 7.6CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

HIGH: 7.2CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

References

cert-portal.siemens.com/productcert/html/ssa-267056.html

cve.org (CVE-2025-40816)

nvd.nist.gov (CVE-2025-40816)

Download JSON